Microsoft Beats Secret FBI Data Request

In a rare legal challenge, Microsoft fought against a secretive data requests from the FBI last year — a National Security Letter (NSL) — and forced the feds to back down, the company revealed Thursday.

The FBI asked for Microsoft data concerning an unnamed enterprise customer's account with an NSL in late 2013. The request came with a gag order, which is normal for NSLs, meaning the company could not disclose the request to anyone, including the customer.

Microsoft, however, challenged the gag order in court, alleging it violated its free speech rights. After the challenge, the FBI withdrew its NSL.

"We concluded that the nondisclosure provision was unlawful and violated our Constitutional right to free expression," wrote Microsoft's general counsel Brad Smith in the blog post. "It did so by hindering our practice of notifying enterprise customers when we receive legal orders related to their data."

After that, Microsoft decided to ask the judge for permission to release information about the case to the public, and requested the judge unseal the documents of the case. Once the two sides came to an agreement, the judge did so.

The power of NSLs were expanded by the Patriot Act after 9/11, and privacy advocates have been fighting them for years. They were cautiously optimistic about Microsoft's win.

"This is a really encouraging sign that the companies that we trust with our sensitive information are beginning to stand up for our privacy," Alex Abdo, a staff attorney with the American Civil Liberties Union, told Mashable.

On the flip side, the fact that the challenge concluded in an agreement rather than a court ruling doesn't help the larger fight against NSLs, Abdo warned.

"Unfortunately until there's either legislative reform or a definitive legal ruling, the excessive secrecy that we've seen with NSLs will likely continue," he said.

It's unclear why the FBI decided to withdraw its request. But one of the unsealed documents reveals that even though the FBI withdrew the letter it sent to Microsoft, the feds were able to acquire the data they were looking for "through lawful means from a third party, the Customer, in a way that maintains the confidentiality of the underlying investigation." No other details were provided.

"It's certainly possible that the FBI realized they had a losing argument," Abdo says, pointing to a case currently being fought by the Electronic Frontier Foundation (EFF) on behalf of an anonymous recipient. "They are litigating the same question now in front of an appeals court in California and they might be trying to cut their losses."

In that ongoing case, U.S. District Judge Susan Illston has ruled that NSLs are unconstitutional; the U.S. government has appealed the ruling.

Even with all these caveats, Microsoft's challenge is a rare peek into the inner workings of a NSL case. We know of very few other cases precisely because of the gag orders that usually accompany them.

Google became the first major tech company to challenge NSLs in court, following the now famous example of Nicholas Merill, the owner of a small New York City-based Internet Service Provider.

Merrill challenged an NSL he received from the FBI in 2004, but wasn't allowed to even reveal that he was the recipient of that letter for six years.

Such challenges likely remain few and far between. From 2003 to 2011, the FBI issued almost 290,000 national security letters to organizations around the United States, according to Department of Justice reports.

Mashable
is a global, multi-platform media and entertainment company. Powered by its own proprietary technology, Mashable is the go-to source for tech, digital culture and entertainment content for its dedicated and influential audience around the globe.